best way to collect traffic
Oguz Yarimtepe
comp.ogz at gmail.com
Fri Apr 24 03:07:22 EDT 2009
On Fri, 2009-04-24 at 08:44 +0300, Oguz Yarimtepe wrote:
> What is the good way to collect a traffic for analyzing via argus?
Here is the tcpdump file I collected via
tcpdump -i eth0 -n -w testdump
http://www.loopbacking.info/dosya/testdump
and the converted arg3 file
http://www.loopbacking.info/dosya/testdump.arg3
argus -mAJZR -r testdump -w testdump.arg3
When I check with ra as
ra -nr testdump.arg3
I see some <?>
Using racluster caused a 0-byte file
racluster -L0 -nr testdump.arg3 - tcp and port 22 -s proto saddr sport dir daddr dport stime ltime dur sbytes sappbytes dappbytes dbytes spkts dpkts sloss dloss > testdump.txt
--
Oguz Yarimtepe
http://www.loopbacking.info